SAE: Derive H2E PT in AP when starting the AP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
444d76f74f
commit
43b20b4370
|
@ -1424,6 +1424,11 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
|
||||||
if (ieee802_11_update_beacons(hapd->iface))
|
if (ieee802_11_update_beacons(hapd->iface))
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"Failed to update beacons with WMM parameters");
|
"Failed to update beacons with WMM parameters");
|
||||||
|
} else if (os_strcmp(cmd, "wpa_passphrase") == 0 ||
|
||||||
|
os_strcmp(cmd, "sae_password") == 0 ||
|
||||||
|
os_strcmp(cmd, "sae_pwe") == 0) {
|
||||||
|
if (hapd->started)
|
||||||
|
hostapd_setup_sae_pt(hapd->conf);
|
||||||
}
|
}
|
||||||
}
|
}
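Review bot: The result of `hostapd_setup_sae_pt(hapd->conf)` is discarded in the new `wpa_passphrase`/`sae_password`/`sae_pwe` branch, so a failed PT derivation on a running AP goes unnoticed. As the function is written in this commit, a failure returns after the old `ssid->pt` has already been freed and set to NULL, which leaves the BSS without a PT for that password; how the SAE code reacts to a missing PT is not visible here. The preceding branch logs its failure, and this one should at least do the same: `if (hapd->started && hostapd_setup_sae_pt(hapd->conf) < 0) wpa_printf(MSG_DEBUG, "Failed to derive SAE PT");`. Whether the SET command should also return an error depends on the rest of hostapd_ctrl_iface_set, which continues outside the hunk.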
|
||||||
|
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
#include "common/ieee802_1x_defs.h"
|
#include "common/ieee802_1x_defs.h"
|
||||||
#include "common/eapol_common.h"
|
#include "common/eapol_common.h"
|
||||||
#include "common/dhcp.h"
|
#include "common/dhcp.h"
|
||||||
|
#include "common/sae.h"
|
||||||
#include "eap_common/eap_wsc_common.h"
|
#include "eap_common/eap_wsc_common.h"
|
||||||
#include "eap_server/eap.h"
|
#include "eap_server/eap.h"
|
||||||
#include "wpa_auth.h"
|
#include "wpa_auth.h"
|
||||||
|
@ -434,10 +435,50 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
|
||||||
|
{
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
struct hostapd_ssid *ssid = &conf->ssid;
|
||||||
|
struct sae_password_entry *pw;
|
||||||
|
|
||||||
|
if (conf->sae_pwe == 0)
|
||||||
|
return 0; /* PT not needed */
|
||||||
|
|
||||||
|
sae_deinit_pt(ssid->pt);
|
||||||
|
ssid->pt = NULL;
|
||||||
|
if (ssid->wpa_passphrase) {
|
||||||
|
ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
|
||||||
|
ssid->ssid_len,
|
||||||
|
(const u8 *) ssid->wpa_passphrase,
|
||||||
|
os_strlen(ssid->wpa_passphrase),
|
||||||
|
NULL);
|
||||||
|
if (!ssid->pt)
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (pw = conf->sae_passwords; pw; pw = pw->next) {
|
||||||
|
sae_deinit_pt(pw->pt);
|
||||||
|
pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
|
||||||
|
ssid->ssid_len,
|
||||||
|
(const u8 *) pw->password,
|
||||||
|
os_strlen(pw->password),
|
||||||
|
pw->identifier);
|
||||||
|
if (!pw->pt)
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
|
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
|
||||||
{
|
{
|
||||||
struct hostapd_ssid *ssid = &conf->ssid;
|
struct hostapd_ssid *ssid = &conf->ssid;
|
||||||
|
|
||||||
|
if (hostapd_setup_sae_pt(conf) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (ssid->wpa_passphrase != NULL) {
|
if (ssid->wpa_passphrase != NULL) {
|
||||||
if (ssid->wpa_psk != NULL) {
|
if (ssid->wpa_psk != NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
|
wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
|
||||||
|
@ -643,6 +684,9 @@ static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
|
||||||
pw = pw->next;
|
pw = pw->next;
|
||||||
str_clear_free(tmp->password);
|
str_clear_free(tmp->password);
|
||||||
os_free(tmp->identifier);
|
os_free(tmp->identifier);
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
sae_deinit_pt(tmp->pt);
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
os_free(tmp);
|
os_free(tmp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -679,6 +723,9 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
|
||||||
#ifdef CONFIG_FULL_DYNAMIC_VLAN
|
#ifdef CONFIG_FULL_DYNAMIC_VLAN
|
||||||
os_free(conf->ssid.vlan_tagged_interface);
|
os_free(conf->ssid.vlan_tagged_interface);
|
||||||
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
|
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
sae_deinit_pt(conf->ssid.pt);
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
|
|
||||||
hostapd_config_free_eap_users(conf->eap_user);
|
hostapd_config_free_eap_users(conf->eap_user);
|
||||||
os_free(conf->eap_user_sqlite);
|
os_free(conf->eap_user_sqlite);
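Review bot: The `if (conf->sae_pwe == 0) return 0;` early return in hostapd_setup_sae_pt() sits before the `sae_deinit_pt()` calls, so PTs derived earlier stay attached to `ssid->pt` and each `pw->pt` when `sae_pwe` is switched to 0 at runtime or the password is changed while it is 0. That keeps password-derived material in memory longer than needed and leaves a PT that may no longer match the configured password; whether anything can still consume it in that state is not visible in this diff. Releasing and clearing the existing PTs before the early return, as sketched below, avoids both. The derivation also takes `ssid->ssid` and `conf->sae_groups` as inputs, so it is worth confirming that any runtime change to those reaches this function as well.

```c
	/* … unchanged: #ifdef CONFIG_SAE and local declarations … */

	/* Drop previously derived PTs first so none outlives its inputs */
	sae_deinit_pt(ssid->pt);
	ssid->pt = NULL;
	for (pw = conf->sae_passwords; pw; pw = pw->next) {
		sae_deinit_pt(pw->pt);
		pw->pt = NULL;
	}

	if (conf->sae_pwe == 0)
		return 0; /* PT not needed */

	/* … unchanged: derive ssid->pt and each pw->pt … */
```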
|
||||||
|
|
|
@ -99,6 +99,7 @@ struct hostapd_ssid {
|
||||||
struct hostapd_wpa_psk *wpa_psk;
|
struct hostapd_wpa_psk *wpa_psk;
|
||||||
char *wpa_passphrase;
|
char *wpa_passphrase;
|
||||||
char *wpa_psk_file;
|
char *wpa_psk_file;
|
||||||
|
struct sae_pt *pt;
|
||||||
|
|
||||||
struct hostapd_wep_keys wep;
|
struct hostapd_wep_keys wep;
|
||||||
|
|
||||||
|
@ -251,6 +252,7 @@ struct sae_password_entry {
|
||||||
char *identifier;
|
char *identifier;
|
||||||
u8 peer_addr[ETH_ALEN];
|
u8 peer_addr[ETH_ALEN];
|
||||||
int vlan_id;
|
int vlan_id;
|
||||||
|
struct sae_pt *pt;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct dpp_controller_conf {
|
struct dpp_controller_conf {
|
||||||
|
@ -1104,5 +1106,6 @@ int hostapd_config_check(struct hostapd_config *conf, int full_config);
|
||||||
void hostapd_set_security_params(struct hostapd_bss_config *bss,
|
void hostapd_set_security_params(struct hostapd_bss_config *bss,
|
||||||
int full_config);
|
int full_config);
|
||||||
int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
|
int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
|
||||||
|
int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);
|
||||||
|
|
||||||
#endif /* HOSTAPD_CONFIG_H */
|
#endif /* HOSTAPD_CONFIG_H */
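Review bot: The new `struct sae_pt *pt` members in `struct hostapd_ssid` and `struct sae_password_entry`, and the `hostapd_setup_sae_pt()` prototype, are added without any comment on what they hold or who frees them. Because the value is derived from the password, a short comment helps later changes keep its lifetime tied to that password, for example `struct sae_pt *pt; /* SAE H2E PT derived from the password; released with sae_deinit_pt() */`. For the prototype, a one-line comment stating that it returns 0 on success or when `sae_pwe` is 0, and -1 if a derivation fails, would document the contract its callers rely on. Both structs continue outside their hunks.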
|
||||||
|
|